Rajendra.Reddy/wdipl-actions
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
oldmain
wdipl-actions/readme.md
WDI-Ideas b8f645b726 refactor(secrets): use SONARQUBE_HOST and SONARQUBE_TOKEN for SonarQube 
Made-with: Cursor
2026-04-08 00:15:37 +05:30

217 lines
6.7 KiB
Markdown
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# 🚀 CI/CD Setup Guide (For Developers)
This project uses a centralized CI/CD system.
You only need to configure **1 workflow file + secrets**.
---
# 📁 1. Add Workflow File
Create:
```
.gitea/workflows/ci.yml
```
Paste:
```yaml
name: CI
on:
push:
branches: [main, beta, staging, testing]
pull_request:
jobs:
ci:
# Prefer a commit SHA from wdipl-actions @main (see "stale reusable workflows" above).
uses: http://git.wdipl.com/Rajendra.Reddy/wdipl-actions/.gitea/workflows/ci.yml@main
with:
tech_stack: node
# Comma-separated: build, sonar, deploy (WDIPL-Runner only forwards one “flag” string reliably).
ci_steps: 'build,sonar,deploy'
wait_for_quality_gate: 'false'
app_path_beta: /var/www/app-beta
app_path_staging: /var/www/app-staging
app_path_prod: /var/www/app-prod
pm2_id: app
secrets:
SONARQUBE_HOST: ${{ secrets.SONARQUBE_HOST }}
SONARQUBE_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
BETA_SERVER_HOST: ${{ secrets.BETA_SERVER_HOST }}
BETA_SERVER_PORT: ${{ secrets.BETA_SERVER_PORT }}
BETA_SERVER_USERNAME: ${{ secrets.BETA_SERVER_USERNAME }}
BETA_SERVER_PASSWORD: ${{ secrets.BETA_SERVER_PASSWORD }}
BETA_SERVER_KEY: ${{ secrets.BETA_SERVER_KEY }}
STAGING_SERVER_HOST: ${{ secrets.STAGING_SERVER_HOST }}
STAGING_SERVER_PORT: ${{ secrets.STAGING_SERVER_PORT }}
STAGING_SERVER_USERNAME: ${{ secrets.STAGING_SERVER_USERNAME }}
STAGING_SERVER_PASSWORD: ${{ secrets.STAGING_SERVER_PASSWORD }}
STAGING_SERVER_KEY: ${{ secrets.STAGING_SERVER_KEY }}
PROD_SERVER_HOST: ${{ secrets.PROD_SERVER_HOST }}
PROD_SERVER_PORT: ${{ secrets.PROD_SERVER_PORT }}
PROD_SERVER_USERNAME: ${{ secrets.PROD_SERVER_USERNAME }}
PROD_SERVER_PASSWORD: ${{ secrets.PROD_SERVER_PASSWORD }}
PROD_SERVER_KEY: ${{ secrets.PROD_SERVER_KEY }}
```
---
# 🔐 2. Add Secrets (Repo → Settings → Secrets)
## SonarQube
| Name | Value |
| ---------------- | ------------------------ |
| SONARQUBE_HOST | http://your-sonar-server |
| SONARQUBE_TOKEN | your sonar token |
---
## Beta / Testing Server
| Name | Value |
| -------------------- | -------------------------- |
| BETA_SERVER_HOST | server IP/domain |
| BETA_SERVER_PORT | 22 |
| BETA_SERVER_USERNAME | ssh user (ubuntu/root) |
| BETA_SERVER_PASSWORD | password (optional) |
| BETA_SERVER_KEY | private ssh key (optional) |
---
## Staging Server
| Name | Value |
| ----------------------- | ------------------- |
| STAGING_SERVER_HOST | server IP/domain |
| STAGING_SERVER_PORT | 22 |
| STAGING_SERVER_USERNAME | ssh user |
| STAGING_SERVER_PASSWORD | password (optional) |
| STAGING_SERVER_KEY | ssh key (optional) |
---
## Production Server
| Name | Value |
| -------------------- | ------------------- |
| PROD_SERVER_HOST | server IP/domain |
| PROD_SERVER_PORT | 22 |
| PROD_SERVER_USERNAME | ssh user |
| PROD_SERVER_PASSWORD | password (optional) |
| PROD_SERVER_KEY | ssh key (optional) |
---
# ⚙️ 3. Variables (Edit in ci.yml)
| Variable | What to set |
| --------------------- | ---------------------- |
| tech_stack | node / react / nestjs |
| ci_steps | e.g. `build,sonar,deploy`**no spaces** (runner has no `replace()`) |
| wait_for_quality_gate | `'true'` / `'false'` (quoted) |
| app_path_beta | path on beta server |
| app_path_staging | path on staging server |
| app_path_prod | path on prod server |
| pm2_id | pm2 app name |
---
# 🌿 4. Branch Behavior
| Branch | Action |
| ----------- | -------------------- |
| feature/* | Build + Sonar |
| develop | Build + Sonar |
| testing | Deploy to Beta |
| beta | Deploy to Beta |
| staging | Deploy to Staging |
| main / prod | Deploy to Production |
---
# ⚙️ 5. What Happens on Deploy
```bash
git fetch
git reset --hard origin/<branch>
git pull
npm install
npm run build
pm2 reload <pm2_id>
```
---
# WDIPL-Runner: stale reusable workflows (`uses: ...@main`)
The runner caches clones under **`/root/.cache/act/`** (e.g. `Rajendra.Reddy-wdipl-actions@main`). After you change **`wdipl-actions`**, consumers may still execute an **old `ci.yml`** (wrong `if:` / missing `ci_steps`).
Central **`ci.yml`** includes a **`meta` job** that writes `ci_steps` to **`$GITHUB_OUTPUT`** so **`needs.meta.outputs.cs`** stays available for Sonar/Deploy: WDIPL-Runner clears **`inputs.ci_steps`** after the Build reusable workflow runs.
**Fix one of:**
1. Pin **`uses:` to a commit SHA** from `wdipl-actions`, e.g.
`uses: .../ci.yml@08e779fe5701557b6a589308816be97c20d78dbb`
Bump the SHA whenever you change central CI.
2. On the runner host, delete that cache folder and re-run the workflow.
3. Upgrade the runner if a newer release fixes cache invalidation.
---
# Gitea MCP + Actions API (Cursor)
Official **gitea-mcp** (and the Go SDK it uses) calls **`GET /api/v1/repos/{owner}/{repo}/actions/runs`** to list workflow runs and job logs.
- **Gitea 1.24.x** exposes **`/actions/tasks`** for the same data but **does not** register **`/actions/runs`** (returns `404 page not found`). Tools like `actions_run_read``list_runs` / `list_jobs` will fail until the server is updated or a proxy workaround is applied.
- **Gitea 1.25+** includes **`ListWorkflowRuns`** at **`/actions/runs`** — upgrade **`git.wdipl.com`** to **1.25 or newer** so MCP can list runs and fetch logs without hacks.
**Reverse-proxy workaround (until upgrade):** map list-runs requests to tasks (response shape is compatible for listing):
```nginx
# Only for the repository runs list endpoint (no trailing /{run})
location ~ ^/api/v1/repos/([^/]+)/([^/]+)/actions/runs$ {
proxy_pass http://127.0.0.1:3000/api/v1/repos/$1/$2/actions/tasks$is_args$args;
# ... usual proxy headers to your Gitea backend
}
```
Adjust `proxy_pass` to your Gitea HTTP upstream. Redeploy/reload nginx, then restart Cursor.
**Cursor:** set a user or system environment variable **`GITEA_ACCESS_TOKEN`** (PAT with repo + Actions read scope) and use **`${env:GITEA_ACCESS_TOKEN}`** in `~/.cursor/mcp.json` — do not store tokens in that file.
---
# ⚠️ Notes
* Use **either password OR SSH key**
* Ensure server has:
* Node.js
* PM2
* Paths must exist on server
* Deployment runs only if `ci_steps` includes `deploy` (commabounded token)
---
# ✅ Summary
1. Add `ci.yml`
2. Add secrets
3. Set paths
Done.
---
Reference in New Issue View Git Blame Copy Permalink